Deep technical details of how we combined HTTP request tunneling and path traversal vulnerabilities to permit unauthorized RCE in Qlik Sense.
Our team identified a request smuggling vulnerability that led to complete compromise of an F5 system with the TMUI exposed.